diff --git a/pillar.example b/pillar.example index c83f31167db0b81d230a399ee932b7ca41dc9b96..26aa9ca15bc5bde67962384fee15513fd8ead751 100644 --- a/pillar.example +++ b/pillar.example @@ -121,12 +121,17 @@ systemd: ## networkd networkd: + fileattr: + br0.network: + user: systemd-network + group: systemd-network + mode: "0600" profiles: network: - # eth0.network - eth0: + # br0.network + br0: - Match: - - Name: eth0 + - Name: br0 - Network: - DHCP: "yes" diff --git a/systemd/defaults.yaml b/systemd/defaults.yaml index 4a7e579241786a8561c845ba4d3db9e604cac230..c49268c41e134268b46f471ad268f3d4609ec4aa 100644 --- a/systemd/defaults.yaml +++ b/systemd/defaults.yaml @@ -22,6 +22,7 @@ systemd: # networkctl reload is available since systemd 244 networkctl_reload: false pkg: {} + fileattr: {} path: /etc/systemd/network service: systemd-networkd wait_online: true diff --git a/systemd/networkd/profiles.sls b/systemd/networkd/profiles.sls index 7c5591167fcc6c5e05127dbc4ea2e908509ab372..225d0e8f6afed41496ba68b796823476768dd38a 100644 --- a/systemd/networkd/profiles.sls +++ b/systemd/networkd/profiles.sls 
@@ -10,21 +10,33 @@ include: - systemd.networkd.reload {%- endif %} -{% if profiles is mapping %} -{% for networkdprofile, types in profiles.items() %} - {% for profile, profileconfig in types.items() %} +{%- if profiles is mapping %} -/etc/systemd/network/{{ profile }}.{{ networkdprofile }}: - file.managed: - - template: jinja - - source: salt://systemd/networkd/templates/profile.jinja +/etc/systemd/network: + file.directory: - user: root - group: root - - mode: '0644' - makedirs: true - dir_mode: 755 + +{%- for networkdprofile, types in profiles.items() %} + {%- for profile, profileconfig in types.items() %} + {%- set filename = profile ~ "." ~ networkdprofile %} + {%- set user = networkd.fileattr.get(filename, {}).user | default("root") %} + {%- set group = networkd.fileattr.get(filename, {}).group | default("root") %} + {%- set mode = networkd.fileattr.get(filename, {}).mode | default("0644") %} + +/etc/systemd/network/{{ filename }}: + file.managed: + - template: jinja + - source: salt://systemd/networkd/templates/profile.jinja + - user: {{ user }} + - group: {{ group }} + - mode: {{ mode }} - context: config: {{ profileconfig|json }} + - require: + - file: /etc/systemd/network {%- if networkd.networkctl_reload %} - watch_in: - cmd: systemd-networkd-reload-cmd-wait diff --git a/test/integration/default/controls/networkd_spec.rb b/test/integration/default/controls/networkd_spec.rb index 7c90a008cb1d1c14e07fa86b4903143ee2ef5121..a870871621b760e741f12b8b9185bafeb451c80d 100644 --- a/test/integration/default/controls/networkd_spec.rb +++ b/test/integration/default/controls/networkd_spec.rb 
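Review bot: The new `file.managed` state takes a per-file owner and mode but leaves `show_changes` at its default, so a file restricted to `0600` through `fileattr` (presumably because it carries key material) can still have its rendered content reported as a diff in the state return and wherever job results are stored. A `show_changes` key in `fileattr`, rendered as `- show_changes: {{ networkd.fileattr.get(filename, {}).show_changes | default(true) }}`, would let such files opt out. Separately, `- mode: {{ mode }}` drops the quoting that the removed `- mode: '0644'` had; Salt's documentation asks for modes with a leading zero to be quoted, so `- mode: '{{ mode }}'` is the safer rendering. The `if`/`for` blocks and the `watch_in` part of this state continue outside the hunk.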
@@ -14,11 +14,11 @@ control 'Systemd Networkd' do it { should_not exist } end - describe file('/etc/systemd/network/eth0.network') do + describe file('/etc/systemd/network/br0.network') do its('type') { should eq :file } - its('mode') { should cmp '0644' } - its('owner') { should eq 'root' } - its('group') { should eq 'root' } + its('mode') { should cmp '0600' } + its('owner') { should eq 'systemd-network' } + its('group') { should eq 'systemd-network' } end describe file('/etc/systemd/network/br0.netdev') do
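Review bot: With `eth0.network` replaced by `br0.network`, the assertions in this hunk only exercise the `fileattr` override, so nothing visible here checks that a profile without an entry still ends up `root:root` with `0644`, or that the separately managed `/etc/systemd/network` directory has the expected owner and mode. The `br0.netdev` block that follows continues outside the hunk and may already cover the default case. A short `describe directory('/etc/systemd/network') do` block with `its('mode') { should cmp '0755' }` and `its('owner') { should eq 'root' }` would pin the directory state. The expected `systemd-network` owner with `0600` also leaves the file writable by the account systemd-networkd normally runs as; the systemd.netdev man page suggests `root:systemd-network` with `0640` for files holding secrets, which is worth considering for the example values.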